How to Wear Your Password

We describe a new authentication paradigm that seeks to achieve both a desirable user experience and a high level of security. We describe a potential implementation of an identity manager in the guise of a smart bracelet. This bracelet would be equipped with a low-power processor, a Bluetooth LE transmitter, an accelerometer, and a clasp that is constructed so that opening and closing it would break and close a circuit, thereby allowing an automatic detection of when the bracelet is put on and taken off. For reasons of cost, design and error avoidance, the bracelet could be designed to not have any user interface, nor any biometric sensors: All user interaction could be assisted by third-party devices, such as user phones and point of sale terminals. Our approach is based on the principle of physical and logical tethering of an identity manager to a user (e.g., by closing the clasp), where an identity manager represents its user’s interests after an initial user authentication phase, and until the user causes a disassociation by untethering the device (e.g., by opening the clasp). The authentication phase can be based on any type of authentication, and – to allow for the greatest possible simplicity of design – can be aided by a third-party device, such as the user’s cell phone. We describe the physical design, including aspects to protect against violent attacks on users. We also describe the lightweight security protocols needed for pairing, determination of user intent, and credential management, and give examples of usage scenarios – including automated login; simplified online and point-of-sale purchases; assisted appliance personalization; and automated event logging. We then overview the protocols associated with the example usage scenarios, and discuss the security implications of our proposed design.